All Collections
December 31, 2023
Data Collection
Troubleshooting data collection
Troubleshooting "Cannot create SSL/TLS secure channel" error
Troubleshooting "Cannot create SSL/TLS secure channel" error

Troubleshoot SSL/TLS channel issues on Windows Server 2012 R2

Alpha Team avatar
Written by Alpha Team
Updated over a week ago

Prerequisites

You must have access to the Windows Server where OneIQ Pulse is installed.

Overview

The "Cannot create SSL/TLS secure channel" error typically occurs when there is a problem establishing a secure connection using the SSL/TLS protocol. This error message indicates that the client was unable to negotiate a secure connection with the server.

To securely connect your OneIQ Pulse data connector to OneIQ servers, a certain level of SSL/TLS is required. When an SSL/TLS secure channel cannot be created, the following error is displayed in OneIQ Pulse:

Solution

If you run into this error and are using Windows Server 2012 R2, you may have the minimum SSL/TLS requirements required, but it may not be enabled by default.

To enable TLS 1.2, run PowerShell as an administrator (right-click on the Windows PowerShell search result, and then click on "Run as administrator") and execute the following commands: 

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord 
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v2.0.50727' -Name 'SystemDefaultTlsVersions' -Value '1' -Type Dword
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord 
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SystemDefaultTlsVersions' -Value '1' -Type Dword
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\' -Name 'DefaultSecureProtocols' -Value '2048' -Type Dword

New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -Type Dword
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -Type DWord 

Restart-Computer -Confirm

These commands are used to configure and enable specific encryption protocols and settings on a Windows system to ensure secure communication over the network.

Once the OneIQ Pulse Server is restarted, try specifying the connection key again and click OK.

Did this answer your question?